I was contacted by a local Orthodox Non-Profit when their site was hacked on Friday.

Thank God I was able to correct the situation fairly quickly.

I determined that a group of Indonesian hackers known as “Zerf-003” were responsible and are targeting Jewish websites with anti-Semitic graphics and audio. Typically, the audio is in French with anti-Israel and anti-Jewish slurs in both French and Arabic.

While known for more nefarious activities, they generally inject code into the websites HTML to alter the home page. Apparently, no files are uploaded but the graphics and audio are links to an Indonesian site: https://g.top4top.io/. In this case they used a relatively simple technique called the “Shell Upload Method.”

I am not including the links to the audio because of the vulgar content which may be understood by some TLS readers. Here is a screen shot of the hacked home-page.

In this case, the site holds numerous types of data on companies and individuals and fortunately the flaw was found before any data could be exfiltrated.

It is important the admins change their passwords on a regular basis using a password generator such as Kaspersky password manager, which will generate a very complex password to crack.

With the ever-increasing rise in cyber-attacks I urge all types of organizations to ensure that their website administrator use every safety measure to protect their sites.

Administrators must always review their Access Control Lists and their Packet Capture (PCAP) logs to look for any suspicious activity.

This is the site that was used by the attackers. It is in Indonesia: